\contentsline {section}{List of Figures}{5}{chapter*.1}
\contentsline {section}{List of Tables}{6}{chapter*.2}
\contentsline {chapter}{\numberline {1}Introduction}{1}{chapter.1}
\contentsline {section}{\numberline {1.1}Background}{1}{section.1.1}
\contentsline {section}{\numberline {1.2}Malware analysis problem}{1}{section.1.2}
\contentsline {section}{\numberline {1.3}Approach}{2}{section.1.3}
\contentsline {section}{\numberline {1.4}Thesis outline}{2}{section.1.4}
\contentsline {chapter}{\numberline {2}Background}{4}{chapter.2}
\contentsline {section}{\numberline {2.1}Growth of malware attack}{4}{section.2.1}
\contentsline {section}{\numberline {2.2}Malware avoidance technique}{5}{section.2.2}
\contentsline {section}{\numberline {2.3}Malware analysis technique}{6}{section.2.3}
\contentsline {subsection}{\numberline {2.3.1}Dynamic malware analysis}{6}{subsection.2.3.1}
\contentsline {subsection}{\numberline {2.3.2}Static malware analysis}{7}{subsection.2.3.2}
\contentsline {section}{\numberline {2.4}Malware categories}{7}{section.2.4}
\contentsline {subsection}{\numberline {2.4.1}Using VirusTotal to detect the names of categories}{8}{subsection.2.4.1}
\contentsline {subsection}{\numberline {2.4.2}Using VirusTotal to get the vendor name}{9}{subsection.2.4.2}
\contentsline {section}{\numberline {2.5}Problems with malware names}{9}{section.2.5}
\contentsline {section}{\numberline {2.6}Malware families used in this paper}{10}{section.2.6}
\contentsline {chapter}{\numberline {3}Related research}{12}{chapter.3}
\contentsline {section}{\numberline {3.1}Flow graph}{12}{section.3.1}
\contentsline {section}{\numberline {3.2}Optimizing decision tree in malware classification system by using Genetic Algorithm}{13}{section.3.2}
\contentsline {section}{\numberline {3.3}Conclusion}{14}{section.3.3}
\contentsline {chapter}{\numberline {4}Classification based on malware's meta-data using decision tree approach}{15}{chapter.4}
\contentsline {section}{\numberline {4.1}PE file format}{15}{section.4.1}
\contentsline {subsection}{\numberline {4.1.1}PE file overview}{15}{subsection.4.1.1}
\contentsline {subsection}{\numberline {4.1.2}PE header}{17}{subsection.4.1.2}
\contentsline {section}{\numberline {4.2}Decision tree\cite {wikipedia}}{17}{section.4.2}
\contentsline {section}{\numberline {4.3}Classification based on malware's meta-data using decision tree approach}{19}{section.4.3}
\contentsline {chapter}{\numberline {5}Implementation}{20}{chapter.5}
\contentsline {section}{\numberline {5.1}Environment}{20}{section.5.1}
\contentsline {section}{\numberline {5.2}Overview}{20}{section.5.2}
\contentsline {section}{\numberline {5.3}Classification based on machine learning technique}{21}{section.5.3}
\contentsline {subsection}{\numberline {5.3.1}Meta-data}{21}{subsection.5.3.1}
\contentsline {subsection}{\numberline {5.3.2}Create training data}{22}{subsection.5.3.2}
\contentsline {subsection}{\numberline {5.3.3}Classification}{22}{subsection.5.3.3}
\contentsline {chapter}{\numberline {6}Evaluation}{25}{chapter.6}
\contentsline {section}{\numberline {6.1}Accuracy evaluation}{25}{section.6.1}
\contentsline {section}{\numberline {6.2}Efficiency of classifying}{26}{section.6.2}
\contentsline {chapter}{\numberline {7}Conclusion}{29}{chapter.7}
\contentsline {section}{\numberline {7.1}Conclusion}{29}{section.7.1}
\contentsline {section}{\numberline {7.2}Future work}{29}{section.7.2}
\contentsline {chapter}{References}{ii}{section*.4}
